Version With Markings to Show Changes Made 


The paragraph beginning on page 8, line 16: 
["FIG. 3 ] 

"FIGS, 3-1 and 3-2 is an illustrative embodiment in the form of a flowchart of the 
process by which the operating system and agent are able to start up and run simultaneously." 


The paragraph beginning on page 8, line 20: 
["FIG. 4A ] 

"FIGS. 4A-1 and 4A-2 is an illustrative embodiment in the form of a flowchart showing 
the Agent's work cycle according to an embodiment of the invention." 


The paragraph beginning on page 8, line 35: 

"FIGS. 6 A, [6C] and [6D] §Q are illustrations of alternatives to loading of the Agent. 


The paragraph beginning on page 10, line 29: 

"FIG. [14F] 14E . 14G are portions of an illustrative embodiment in the form of a 
flowchart showing the agents' work cycle according to an embodiment of the invention." 

The paragraph beginning on page 10, line 33, has been deleted and replaced with the 
following: 

"FIG. [14F1] 14F is a portion of an illustrative embodiment in the form of a flowchart 
showing the agents 5 work cycle for the Internet application." 


The paragraph beginning on page 20 3 line 22: 
["FIG. 3 ] 

"FIGS. 3-1 and 3-2 is a flow chart of the agent work cycle. This work cycle describes 
the method by which the Agent is loaded when the client computer 10 is initially turned on or 
reset, and the manner in which the operating system and the agent run concurrently. In this 
illustrative embodiment, the Agent is embedded in software. Once the client computer 10 is 
powered on 1 1, it performs a power on self-test (POST) 12. The POST tests the system 
hardware, initializes some of the devices for operation, and loads the master boot record (MBR) 
13. Since the MBR was installed with an Agent subloader, the subloader is loaded into memory 
14 and executed. The subloader' s first task is to load the Agent into memory 15 (which is 
discussed in detail below in reference to FIG. 5.) Then the subloader loads the operating system 
(OS) into memory 16 and returns control to the operating system. Now both the operating 
system 17 and the Agent 18 are running simultaneously." 

The paragraph beginning on page 21, line 16: 

"In alert mode the Agent will attempt to call the host eighteen times per second until it is 
successful. Once in alert mode, the Agent does a thorough search within the computer to find 
free (not currently being used by any running application) communication equipment 20. In an 
illustrative embodiment, the communication equipment comprises a modem 9. It is 
contemplated herein that different communication mechanisms (i.e., modem, satellite link, RF 
link, etc.) can be provided at several of the communication ports. In such a scenario, the Agent 
would poll the communication ports (corresponding to the different communication mechanisms) 


to find free communication equipment. If the Agent fails to find any free equipment, then the 
Agent will abort its attempt to call the host and repeat the cycle 18 within one-eighteenth of a 
second. However, if the Agent locates free communication equipment, it will call the host 21. 
Upon receiving a call from the client computer 10, the host examines the Agent identity, which 
according to the preferred embodiment is the serial number of the client computer, and 
determines if a connection should be established 22. The host establishes a connection when the 
serial number of the computer contacting the host matches an entry on a list of reported lost or 
stolen computers. In an alternative embodiment, this call-filtering feature is eliminated and the 
host system establishes a connection whenever there is an incoming call. The list of reported lost 
or stolen computers is maintained within the host monitoring system C. If the host does not 
accept the call the Agent will not call back until the next appropriate time (after predetermined 
time period has elapsed) 18. If the host accepts the call, then the Agent will send the host its 
encoded identity (such as its ESN), location (caller ID), any relevant serial numbers of computer 
components, such as CPU, hard drive, BIOS and any other desktop management interface (DMI) 
and any other pertinent information such as local date and time 23. The Agent then checks if the 
host has any data or commands for the client 24. If the host has no data or commands to be sent, 
then the Agent will terminate the call and repeat the cycle 18. Otherwise, the host will send the 
data or commands 25 before it terminates the call, and returns to "active" mode 18. This work 
cycle is described in much greater detail below with reference to FIGS. 14E, 14F [, 14F1] and 
14G." 


The paragraph beginning on page 25, line 7: 


"Once activated the Agent takes control of the whole computer 708. If it determines that 
it should call the Host computer, it follows the processes described in reference to [FIG.] FIGS. 
4A -L 4A-2 . 4B and 4C. Basically, it finds a free communication port, establishes a 
communication link to the Host, sends its identity then relinquishes control back to the 
machine's start-up ROM procedure. After POST ended 713, the machine's start-up ROM 
procedure loads the operating system from disk 714, and passes control to it 715." 

The paragraph beginning on page 25, line 16: 

"Referring to [FIG.] FIGS, 4A -1 and 4A-2 . a flow chart is provided which describes one 
embodiment of the Agent work cycle in accordance with this invention. The Agent looks for 
communications ports to be used. There are two types of communications ports: the old by 
popular communications ports are called COM; and the new PCMCIA ports called PCMCIA. 
Since COM is the more popular than PCMCIA, the Agent first looks for COM communications 
ports 322-338, if no COM communications ports are found then it will look for PCMCIA ports 
338-350. To look for COM communications ports, the Agent checks all COM port addresses 
using COM port address table 333 to see if they exist 335. The first one encountered will be 
dynamically hooked 336 into by swapping the appropriate interrupt handler and unmasking the 
appropriate interrupt request line. If an error occurs, the next port will be checked 338, 334 until 
either a valid COM port is found or the COM port address table has been exhausted 338. If the 
COM communication port responds properly, then attempt to check if a modem is currently 
connected to this COM communications port via issue of the Hayes compatible AT command 
339. If the modem does not exist, then the next port will be checked 338. If the modem exists it 
will respond with an "OK" to the AT command 341." 


The paragraph beginning on page 28, line 19 and ending on page 28, line 22: 
"Instead of making a modem call via the PSTN, the BIOS Agent may be configured to 

communicate with the host monitoring server via the Internet in a similar fashion as explained in 

reference to [FIG. 3"1 FIGS. 3-1 and 3-2." 

The paragraph beginning on page 30, line 12: 

"Referring now to FIG. [14F1] 14F , a flow chart is provided which describes in detail the 
background process operations relating to the Internet application. The background process 
wakes up every four hours 200. It uses the current date and time together with the agent 
identification (serial number) to encode an Internet host name 205. This encoded host name is 
used in forming a DNS query 206 to be sent to the host Internet monitoring subsystem 9y. After 
sending this DNS query to the host Internet monitoring subsystem 9y through the Internet 207, 
the agent waits for a response 208. If an error is found 208a due to a missing DLL or poor 
TCP/IP configuration, or an error other than a timeout, then the agent will wait for four hours 
and repeat the cycle 200. If no response is received after a predetermined time period has 
elapsed, the agent will sleep for one minute 209 and then send another DNS query 205. Upon 
receiving a valid response from the host Internet monitoring subsystem 9y, the Internet Protocol 
(IP) address is extracted 210. If this IP address equals "204.174.10.1" 21 1 then the background 
process sets the agent's mode to alert 212. If the IP address does not equal"204. 174. 10.1" 211, 
then the agent remains in active mode and does not attempt to send another DNS query to the 
host for four hours 200." 


The paragraph beginning on page 33, line 10: 

"Referring to FIGS. [14F] 14E and 14G, the following is a detailed description of the 
agent work cycle with respect to the PSTN application. Once the system is powered on 1 17 a 
timer interrupt will occur 1 8.2 times per second. Every eighteen timer interrupts, the 
complementary metal-oxide semiconductor (CMOS) real-time clock will be accessed, and the 
time and date will be stored for comparison with the previous real-time clock access. If the date 
and/or time changes towards the future, no action will be taken to track the time displacement. 
In this way the agent determines whether it is time to call the host 118. Thus if the current date 
has advanced far enough into the future (past the date and time to call the host), the agent 
security system will change its mode of operation from active to alert whereby calls will be 
regularly attempted (eighteen times per second) until a call is made and a transaction with the 
host server has been completed. If the system time has been backdated, a modal change from 
active to alert will occur. This feature safeguards against a thief disabling the agent by 
backdating the client so that the agent does not call the host for a long period of time." 

The paragraph beginning on page 38, line 5: 

"Another configuration of the BIOS Agent is shown in FIG. [6C] |*B. The agent is 
implanted into the computer's BIOS 731 and/or bootstrap BIOS. When the computer is turned 
on or reset, the Agent loads itself into memory and checks for an image of itself on the 
computer's hard-disk 732. If an image of the Agent is found, that image is refreshed 733 and run 
from the disk 734. If an image is not found, one is created on the disk 735. The newly created 
image is then loaded into memory and run from the disk 734." 


The paragraph beginning on page 38, line 14: 

"Turning to the operating system independent methods, referring to FIG. [6E] fiC, the 
Agent is implanted into the computer's BIOS 741 and runs directly from the BIOS 742. As more 
fully discussed below, variations of the BIOS Agent may include implanting the Agent in a DSP 
of a modem, a CPU of the electronic device, a hard wired circuitry or an integrated circuit in the 
electronic device." 


